2013-02-20T23:47:16ZFluxBBhttps://bbs.archlinux.org/viewtopic.php?id=157990Yes, backup. You can use tar to backup. It will backup everything except extended attributes (xattr) and SElinux flags. It will backup Sticky-Bit and stuff. On a normal Arch install you are not using xattr's though.... I am 98% sure.

Yes, you just edit /etc/default/grub and add this to make sure it has TRIM enabled. Then rebuild the gurb.cfg

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdaX:root:allow-discards"

I have a LVM-on-LUKS setup.Here are my notes on how I set it up. Take what you need (don't copy & past )

Owe, and from what I read it is not necessary to "--align-payload" with ether cryptsetup or LVM2 these days. Both are suppose to align to 1MB my default.

One more cool thing. You know, if you have /boot and GRUB installed on a USB stick you don't have to partition your SSD/HDD at all. You can encrypt ALL of /dev/sda and then ether put LVM, GPT, MBR, or simply a file-system right on top of the /dev/mapper/root

I don't really see much of a reason to do that but it would be cool

]]>https://bbs.archlinux.org/profile.php?id=172182013-02-20T23:47:16Zhttps://bbs.archlinux.org/viewtopic.php?pid=1234703#p1234703A couple of things to your questions: 1. A Luks blockdevice has nothing to do with permissions. Just backup your system correctly and restore it onto the encrypted partition. Please see the backup wiki for such a general question. Also look at the discussion page: https://wiki.archlinux.org/index.php/Ta … 2012.07.15which contains some links to bbs threads covering such. Along the.sad.clown's suggestion, nothing hinders you to test restoring to a VM too.2. Yes. You can turn on/off discards anytime, do it manually or via mount option, as you like (if your SSD supports it generally). 3. Common culprit: Plan your partitioning. In particular if you need LVM or not, as changing that afterwards (e.g. from a single / system + /boot) means backup / restore again.

One hint not on the wiki or other threads here yet - the new cryptsetup just rolled in this week with a great new feature:

cryptsetup benchmark

shows you CPU encryption throughput for your system for the various ciphers. In particular if you have a fast SSD and a slow CPU, it helps to make an informed choice not to slow down io throughput.

]]>https://bbs.archlinux.org/profile.php?id=520192013-02-13T23:11:15Zhttps://bbs.archlinux.org/viewtopic.php?pid=1231798#p1231798Someone who knows more than me will hopefully pipe in, but I've been thinking about encrypting my HDD as well. My suggestion would be to use a VM and practice on an installation you don't care about to get familiar with it.]]>https://bbs.archlinux.org/profile.php?id=471492013-02-12T22:54:50Zhttps://bbs.archlinux.org/viewtopic.php?pid=1231185#p1231185Hi Guys!

My current installation looks as follows:My Archs / is installed on sda5 (in a extended partion sda3, sda1/2 are windows partitions). / is not encrypted, my ~ is encrypted with eCryptfs. sda is a SSD (OCZ Vertex 2).I also have a hard-disk at sdb, which has sufficient space for the content of my /.

I want to use a full-partition encryption ( like described here: https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS ). According to this, since version 3.1, the linux kernel supports TRIM'ing of SSD's. I'm aware that this is not as secure as not-trimming, but i'll take the risk.

My problem is that i don't know how i should achieve that with all my old stuff intact, nor how to make sure that i use the correct cryptsetup-params to make the new partition trimmable.

1. I'd guess i copy both my decrypted home and the rest of the partition to my sdb. How to make sure that permission etc. will survive that?

2. Can I follow a 'normal' cryptsetup-tutorial to set the encrypted partition up and will then be able to use the :allow-discards-option and be fine? Or do I have to follow a specific installation routine to make the partition trimable? The wiki I mentiond earlier is not so clear about that.

3. Can you give me hints, curlpits that may wait for me or otherwise a bit hope that everything is going to work?